Campcodes Online Examination System Vulnerable to SQL Injection
CVE-2024-4916

9.8CRITICAL

Key Information:

Vendor: Campcodes
Status: Online Examination System
Vendor: CVE Published:; 15 May 2024

Badges

👾 Exploit Exists

What is CVE-2024-4916?

A vulnerability has been identified in Campcodes Online Examination System 1.0 that allows remote attackers to exploit an SQL injection within the selExamAttemptExe.php file. By manipulating the 'thisId' argument, attackers can inject arbitrary SQL commands into the database, potentially compromising sensitive data and leading to unauthorized data access. This flaw has been disclosed publicly, raising concerns regarding its exploitation by malicious actors.